Symantec AutoFix Support Tool 'SYMADATA.DLL' ActiveX Control Remote Buffer Overflow Vulnerability
Gravedad: Medio
Identificadores de CVE : CVE-2008-0313
Fecha recomendada: 15 de febrero de 2011
Descripción
Symantec AutoFix Support Tool ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
NOTE: To exploit this issue, an attacker must entice an unsuspecting victim to to visit a malicious website masquerading as a trusted Symantec site.
This issue affects 'SYMADATA.DLL' 2.7.0.1 ActiveX control, which is part of the following Symantec products:
Norton 360 1.0
Norton AntiVirus 2006-2008
Norton Internet Security 2006-2008
Norton System Works 2006-2008
Revelación de la información
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1002362
Trend Micro Deep Security DPI Rule Name: 1002362 - Microsoft Internet Explorer Symantec Autofix Tool ActiveX Buffer Overflow
Software y versión afectados
- Symantec Norton 360 1.0
- Symantec Norton AntiVirus 2006
- Symantec Norton Antivirus 2007 0
- Symantec Norton Antivirus 2008 0
- Symantec Norton Internet Security 2006 0
- Symantec Norton Internet Security 2007 0
- Symantec Norton Internet Security 2008 0
- Symantec Norton SystemWorks 2006 0
- Symantec Norton SystemWorks 2007 0
- Symantec Norton SystemWorks 2008 0